Privacy Policy

Hercules – Gym Tracker

Last Updated: March 8, 2026

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

This Policy applies to users worldwide, including residents of California and the European Union/EEA. If you are located in one of these regions, additional rights and disclosures apply as described in the relevant sections below.

1. Interpretation and Definitions

Interpretation

Words whose initial letters are capitalized have meanings defined under the following conditions. The definitions below shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of voting securities.
  • Application refers to Hercules – Gym Tracker, the software program provided by the Company.
  • Company (also referred to as "We", "Us", or "Our") refers to Hercules – Gym Tracker.
  • Cookies are small files placed on Your Device by a website, containing details of Your browsing history among their many uses.
  • Country refers to: Indiana, United States.
  • Device means any device that can access the Service, such as a computer, mobile phone, or digital tablet.
  • Health Data means information related to Your physical fitness and wellness, including workout logs, exercise history, weight, body measurements, and related metrics that You voluntarily provide through the Application.
  • Personal Data (or Personal Information) is any information that relates to an identified or identifiable individual. We use these terms interchangeably unless a specific law requires otherwise.
  • Service refers to the Application, the Website, or both.
  • Service Provider means any natural or legal person who processes data on behalf of the Company.
  • Usage Data refers to data collected automatically, either generated by use of the Service or from the Service infrastructure itself.
  • Website refers to Hercules – Gym Tracker, accessible from https://hercules-gym.com/.
  • You means the individual accessing or using the Service, or the entity on whose behalf such individual is acting.

2. Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information, including but not limited to:

  • Email address
  • First name and last name
  • Date of birth
  • Gender
  • Health and fitness data (workouts, exercise logs, weight, body measurements, and similar metrics You voluntarily enter)
  • Fitness profile information (experience level, primary fitness goal, available equipment, and preferred training days per week)
  • Payment and transaction information (processed through Apple App Store or Google Play; We do not store full payment card details)

Health and Fitness Data

Because Hercules – Gym Tracker is a fitness application, You may voluntarily submit Health Data including workout logs, personal records, body weight, height, measurements, exercise history, and outdoor activity route data. This data is treated as sensitive personal information and is used solely to provide and improve the Application. We do not sell, rent, or share Health Data with third-party advertisers. Health Data is processed only with Your explicit consent, which may be withdrawn at any time by deleting Your account.

Usage Data

Usage Data is collected automatically when using the Service and may include Your Device IP address, browser type and version, pages visited, time and date of visit, time spent on pages, unique device identifiers, and other diagnostic data. When You access the Service through a mobile device, We may also collect mobile device type, unique device ID, mobile operating system, and mobile browser type.

Location Information

With Your prior permission, We may collect precise location information (GPS coordinates) to provide certain features of the Application, such as outdoor activity tracking (e.g., running, walking, or cycling route recording). The Application may collect location data in the background (when the app is not in the foreground or when Your device screen is locked) to ensure continuous route tracking during outdoor workout sessions that You have actively started. Background location data is collected only while an outdoor tracking session is actively in progress and stops immediately when You end the session. You can enable or disable location access at any time through Your Device settings.

Push Notification Data

With Your permission, We may collect a device push notification token to deliver workout reminders and other notifications You have opted into. You can disable push notifications at any time through Your Device settings.

AI Chat Data

If You use the Hercules AI feature (available to Premium subscribers), We collect and store the text messages You send to the AI assistant and the AI-generated responses. This data is stored in Your account to provide chat history and continuity across sessions. We also track AI feature usage (message counts and token usage) to manage service limits. AI chat data is associated with Your Account and is subject to the same data protection and retention policies as Your other Personal Data.

Local Device Storage

The Application stores certain data locally on Your Device (such as user preferences, settings, workout session state, and cached data) using standard mobile storage mechanisms. This local data remains on Your Device and is used to ensure the Application functions correctly, including offline functionality and crash-safe workout session recovery.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity on Our Service and store certain information. Where required by law, non-essential cookies are only placed with Your prior consent, which You may withdraw at any time through Your browser or device settings.

  • Necessary/Essential Cookies (Session): Required to authenticate users and provide the Service. Cannot be disabled without affecting core functionality.
  • Cookie Acceptance Cookies (Persistent): Record whether You have accepted the cookie notice.
  • Functionality Cookies (Persistent): Remember preferences such as login details or language to personalize Your experience.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including monitoring usage.
  • To manage Your Account and registration as a user.
  • For the performance of a contract: to process purchases made through Apple App Store or Google Play In-App Payments, managed via RevenueCat.
  • To contact You via email (sent through Resend), push notifications, or other electronic communications regarding updates, security notices, and informational communications related to the Service.
  • To provide You with news, special offers, and information about similar goods, services, and events, unless You have opted out.
  • To manage Your requests to Us.
  • For business transfers: to evaluate or conduct a merger, acquisition, restructuring, or similar transaction.
  • For analytics and service improvement: data analysis, identifying usage trends, and evaluating promotional campaign effectiveness.
  • To power the AI feature: Your messages to the AI assistant, along with relevant workout context from Your account, are processed by third-party large language model (LLM) providers to generate fitness-related responses (see Section 3 for details).

Sharing Your Personal Data

We may share Your Personal Data in the following situations:

  • With Service Providers: including Supabase (database and authentication infrastructure), Resend (email delivery), RevenueCat (subscription and payment management), OpenRouter and Google (AI language model processing), Apple App Store, and Google Play, to operate and improve the Service.
  • For business transfers: in connection with a merger, sale of assets, financing, or acquisition.
  • With Affiliates: who are required to honor this Privacy Policy.
  • With business partners: to offer You certain products, services, or promotions.
  • With Your consent: for any other purpose with Your explicit authorization.

3. Third-Party Services

Database and Authentication Infrastructure – Supabase

We use Supabase as Our primary database and authentication infrastructure provider. Your Account information, Health Data, workout data, AI chat history, and other Personal Data are stored in Supabase's hosted PostgreSQL databases with row-level security policies that isolate each user's data. Supabase processes data on Our behalf as a data processor in accordance with their Privacy Policy and applicable data processing agreements. All data transmitted to and from Supabase is encrypted in transit using TLS/HTTPS.

Email Communications – Resend

We use Resend (resend.com) to deliver transactional and informational emails. Your email address and related communication data are processed by Resend as a data processor on Our behalf, in accordance with their Privacy Policy. You may opt out of marketing emails at any time by clicking the unsubscribe link in any email or by contacting Us at support@hercules-gym.com.

In-App Purchases – Apple App Store and Google Play

Hercules – Gym Tracker offers paid subscriptions and in-app purchases through Apple App Store In-App Payments and Google Play In-App Payments. Payments are processed directly by Apple or Google. We do not receive or store Your full payment card information. We receive only limited transaction confirmation data (such as subscription status and transaction ID) necessary to fulfill Your purchase. Your use of these payment services is subject to Apple's and Google's respective privacy policies and terms of service.

Subscription Management – RevenueCat

We use RevenueCat (revenuecat.com) to manage in-app subscriptions, entitlements, and purchase history across platforms. RevenueCat may collect and process certain data including Your device identifier, purchase history, subscription status, and App User ID. RevenueCat acts as a data processor on Our behalf in accordance with their Privacy Policy. RevenueCat does not have access to Your full payment card information.

AI Feature – OpenRouter and Google Gemini

The Hercules AI feature uses OpenRouter (openrouter.ai) as an API routing service to access large language models, currently Google Gemini, to generate fitness-related responses to Your queries. When You use the AI feature, the text of Your messages, along with relevant contextual information from Your account (such as workout history summaries and fitness goals), is transmitted to OpenRouter and subsequently to the underlying model provider (Google) for processing. These third-party providers process this data solely to generate responses to Your queries and are contractually prohibited from using Your data for their own training purposes or other unrelated purposes. We recommend reviewing the privacy policies of OpenRouter and Google for further information on how they handle data.

4. Data Retention

We retain Your Personal Data only as long as necessary for the purposes described in this Privacy Policy:

  • Account Information: retained for the duration of Your account relationship plus up to 24 months after account closure.
  • Health and Fitness Data: retained while Your account is active; deleted within 30 days of an account deletion request.
  • AI Chat Data: retained while Your account is active. You may delete individual chat sessions at any time within the Application. All AI chat data is deleted within 30 days of an account deletion request.
  • Customer Support Data: up to 24 months from ticket closure.
  • Usage and Analytics Data: up to 24 months from collection.
  • Payment and Transaction Records: as required by applicable tax and financial laws.
  • Location Data: GPS route data from outdoor activities is stored as part of Your workout session history and is subject to the same retention periods as Health and Fitness Data. Location data is not retained independently of workout sessions.

We may retain data beyond these periods where required by legal obligation, to establish or defend legal claims, or due to technical backup schedules. Upon expiry, data is securely deleted or anonymized.

5. Transfer of Your Personal Data

Your Personal Data may be transferred to and maintained on computers located outside Your jurisdiction where data protection laws may differ. Our Service Providers, including Supabase, OpenRouter, Google, RevenueCat, and Resend, may process data in the United States and other countries. We ensure international transfers are subject to appropriate safeguards, including Standard Contractual Clauses where required for transfers from the European Economic Area, consistent with applicable law.

6. Deleting Your Personal Data

You have the right to delete or request deletion of Your Personal Data. You may do so via Your account settings within the Application, or by contacting Us at support@hercules-gym.com. You may also delete individual AI chat sessions and specific workout records directly within the Application. We may need to retain certain information where required by law or lawful obligation.

7. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data becomes subject to a different Privacy Policy.

Law Enforcement

We may disclose Your Personal Data if required by law or in response to valid requests by public authorities (e.g., a court or government agency).

Other Legal Requirements

We may disclose Your Personal Data to comply with a legal obligation, protect and defend the rights or property of the Company, prevent wrongdoing in connection with the Service, protect the personal safety of users or the public, or protect against legal liability.

8. Security of Your Personal Data

We use commercially reasonable technical and organizational measures to protect Your Personal Data, including:

  • Encryption of data in transit using TLS/HTTPS.
  • Row-level security policies in Our database to isolate each user's data.
  • Secure authentication with session management and token refresh.
  • Password hashing and secure credential storage managed by Our authentication provider.

However, no method of transmission over the Internet or electronic storage is 100% secure, and We cannot guarantee absolute security. We encourage You to use a strong, unique password and protect access to Your account.

9. European Union / EEA – GDPR

If You are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides You with specific rights regarding Your Personal Data.

Legal Bases for Processing

  • Consent (Article 6(1)(a) GDPR): For Health Data, non-essential cookies, location data collection, push notifications, AI feature data processing, and marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Contractual Necessity (Article 6(1)(b) GDPR): To provide the Service, manage Your Account, and fulfill in-app purchases.
  • Legal Obligation (Article 6(1)(c) GDPR): Where processing is required by applicable law.
  • Legitimate Interests (Article 6(1)(f) GDPR): For analytics, fraud prevention, and service improvement, where not overridden by Your rights.
  • Explicit Consent for Special Category Data (Article 9(2)(a) GDPR): Health and fitness data is special category data and is processed only with Your explicit consent.

Your GDPR Rights

  • Right of Access: Request a copy of the Personal Data We hold about You.
  • Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of Your Personal Data where no legitimate grounds for continued processing exist.
  • Right to Restriction of Processing: Request that We limit how We use Your data.
  • Right to Data Portability: Receive Your Personal Data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is consent-based.
  • Right to Lodge a Complaint: Lodge a complaint with Your local supervisory or data protection authority.

To exercise these rights, contact Us at support@hercules-gym.com with the subject line "GDPR Request". We will respond within 30 days as required by GDPR.

International Data Transfers

Where We transfer Your Personal Data outside the EEA, We ensure such transfers use appropriate safeguards including Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

10. California Online Privacy Protection Act (CalOPPA)

In accordance with CalOPPA:

  • Users may visit Our Service anonymously where applicable.
  • A link to this Privacy Policy is included on the homepage of Our Website and within the Application.
  • Users will be notified of privacy policy changes via the "Last Updated" date and by prominent notice on Our Service or by email.
  • Users can update their personal information via account settings or by contacting Us.

Regarding Do Not Track (DNT) signals: Our Service does not currently respond to DNT browser signals or similar mechanisms. We will update this disclosure if Our practices change.

11. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If You are a California resident, the CCPA as amended by the CPRA provides You with specific rights regarding Your Personal Information.

Categories of Personal Information We Collect

In the past 12 months, We have collected the following categories of Personal Information from California residents:

  • Identifiers: Name, email address, IP address, device identifiers, and account username.
  • Personal Information (Cal. Civ. Code §1798.80(e)): Name and email address.
  • Sensitive Personal Information – Health and Fitness Data: Workout logs, exercise history, weight, height, body measurements, outdoor activity GPS routes, and similar data You voluntarily provide. Treated as Sensitive Personal Information under CPRA.
  • Commercial Information: In-app purchase history and subscription status, processed via RevenueCat, Apple, and Google.
  • Internet or Electronic Network Activity: Usage patterns, interactions with the Service, and AI feature usage data.
  • Geolocation Data: Precise location (GPS coordinates) collected with Your permission during outdoor activity tracking sessions, including in the background while a session is active.
  • Inferences: Derived from the above to reflect Your fitness preferences and activity within the app.

How We Use and Share Personal Information

We collect and use the categories above for the business and commercial purposes described in this Policy. We do not sell Your Personal Information. We do not share Your Personal Information for cross-context behavioral advertising.

Your CCPA/CPRA Rights

  • Right to Know: Request disclosure of the categories and specific pieces of Personal Information We have collected, used, or disclosed.
  • Right to Delete: Request deletion of Personal Information We have collected, subject to exceptions.
  • Right to Correct: Request correction of inaccurate Personal Information We maintain.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share Personal Information for behavioral advertising. Contact Us to confirm.
  • Right to Limit Use of Sensitive Personal Information: You may limit Our use of Sensitive Personal Information (including Health Data) to that necessary to provide the Service. We do not use Sensitive Personal Information beyond core Application features.
  • Right to Non-Discrimination: We will not discriminate against You for exercising any of Your CCPA/CPRA rights.

To submit a verifiable consumer request, email support@hercules-gym.com with the subject line "California Privacy Request". We will acknowledge within 10 business days and respond within 45 days (extendable by 45 days with notice). You may submit up to two requests per 12-month period.

Authorized Agent

A California resident may designate an authorized agent to submit a CCPA/CPRA request on their behalf. The agent must provide written authorization signed by You, and We may require You to verify Your identity directly before fulfilling the request.

Financial Incentives

We do not offer financial incentives or price differences in exchange for the collection, retention, or sale of Personal Information.

12. Age Restriction and Children's Privacy

Hercules – Gym Tracker is intended exclusively for users 18 years of age or older. We do not knowingly collect personally identifiable information from anyone under the age of 18. By using the Service, You represent that You are at least 18 years of age.

If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us immediately at support@hercules-gym.com. If We become aware We have collected data from anyone under 18, We will take steps to remove that information from Our servers.

13. Links to Other Websites

Our Service may contain links to other websites not operated by Us. If You click on a third-party link, You will be directed to that site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify You of any material changes by posting the updated Privacy Policy on this page, updating the "Last Updated" date, and sending You an email notification prior to the change becoming effective. Changes are effective when posted on this page.

15. Contact Us

If You have any questions about this Privacy Policy or wish to exercise any of Your rights, please contact Us:

For GDPR inquiries, include "GDPR Request" in the subject line. For California privacy rights requests, include "California Privacy Request" in the subject line.